Cleanup in the web interface to prevent XSS attacks.

We had a couple of different problems actually.
* We allow users to insert html into many DB fields (say, a project or
experiment description).
* We did not sanitize that output when displaying back.
* We did not sanitize initial page arguments that were reflected in the
output (say, in a form).
Since no one has the time to analyze every line of code, I took a couple of
shortcuts. The first is that I changed the regex table to not allow any <>
chars to go from the user into the DB. Brutal, but in fact there are only a
couple of places where a user legitimately needs them. For example, a
startup command that includes redirection. I handle those as special
cases. As more come up, we can fix them.
I did a quick pass through all of the forms, and made sure that we run
htmlspecialchars on everything including initial form args. This was not
too bad cause of the way all of the forms are structured, with a
"formfields" array.
I also removed a bunch of obsolete code and added an update script to
actually remove them from the www directory.
Lastly, I purged some XMLRPC code I did a long time ago in the Begin
Experiment path. Less complexity, easier to grok and fix.
modified: sql/database-fill.sql
modified: sql/dbfill-update.sql

REPLACEINTOtable_regexVALUES('default','default','text','regex','^[\\040-\\073\\075\\077-\\176]*$',0,256,'Default regex if one is not defined for a table/slot. Allow any standard ascii character, but no binary data');